Details of VAR-202108-2068

ID

VAR-202108-2068

CVE

CVE-2021-30870

TITLE

apple's iPadOS and iOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-021187

DESCRIPTION

A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. Previewing an html file attached to a note may unexpectedly contact remote servers. apple's iPadOS and iOS Exists in unspecified vulnerabilities.Information may be tampered with. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none

Trust: 1.8

sources: NVD: CVE-2021-30870 // JVNDB: JVNDB-2021-021187 // VULHUB: VHN-390603 // VULMON: CVE-2021-30870

AFFECTED PRODUCTS

vendor:	apple	model:	ipados	scope:	lt	version:	15.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.0	Trust: 1.0
vendor:	アップル	model:	ipados	scope:	eq	version:	15.0	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-021187 // NVD: CVE-2021-30870

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30870
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-30870
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202108-1957
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-390603
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-30870
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-390603
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30870
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-30870
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-390603 // JVNDB: JVNDB-2021-021187 // CNNVD: CNNVD-202108-1957 // NVD: CVE-2021-30870

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-021187 // NVD: CVE-2021-30870

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1957

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-1957

PATCH

title:	HT212814 Apple Security update	url:	https://support.apple.com/en-us/HT212814	Trust: 0.8
title:	Apple iOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167648	Trust: 0.6

sources: JVNDB: JVNDB-2021-021187 // CNNVD: CNNVD-202108-1957

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30870	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-021187	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.3578	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-1957	Trust: 0.6
db:	VULHUB	id:	VHN-390603	Trust: 0.1
db:	VULMON	id:	CVE-2021-30870	Trust: 0.1

sources: VULHUB: VHN-390603 // VULMON: CVE-2021-30870 // JVNDB: JVNDB-2021-021187 // CNNVD: CNNVD-202108-1957 // NVD: CVE-2021-30870

REFERENCES

url:	https://support.apple.com/en-us/ht212814	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30870	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.3578	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-390603 // VULMON: CVE-2021-30870 // JVNDB: JVNDB-2021-021187 // CNNVD: CNNVD-202108-1957 // NVD: CVE-2021-30870

SOURCES

db:	VULHUB	id:	VHN-390603
db:	VULMON	id:	CVE-2021-30870
db:	JVNDB	id:	JVNDB-2021-021187
db:	CNNVD	id:	CNNVD-202108-1957
db:	NVD	id:	CVE-2021-30870

LAST UPDATE DATE

2024-08-14T12:50:50.384000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390603	date:	2023-01-09T00:00:00
db:	VULMON	id:	CVE-2021-30870	date:	2021-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-021187	date:	2024-07-18T06:00:00
db:	CNNVD	id:	CNNVD-202108-1957	date:	2021-11-02T00:00:00
db:	NVD	id:	CVE-2021-30870	date:	2023-11-07T03:33:37.320

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390603	date:	2021-08-24T00:00:00
db:	VULMON	id:	CVE-2021-30870	date:	2021-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-021187	date:	2024-07-18T00:00:00
db:	CNNVD	id:	CNNVD-202108-1957	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-30870	date:	2021-08-24T19:15:15.223